5.12 Compliance and Audit
5.12.1 Compliance Reporting
| Regulation |
Requirement |
ISE/DNAC Feature |
Report |
| PCI-DSS 7.1 |
Access control |
Authorization policies |
ISE Auth Report |
| PCI-DSS 8.1 |
User identification |
802.1X authentication |
ISE Auth Report |
| PCI-DSS 10.1 |
Audit trails |
RADIUS accounting |
ISE Accounting |
| SOC2 CC6.1 |
Logical access |
SGT-based segmentation |
DNAC Policy Report |
| GDPR Art.32 |
Access logging |
RADIUS live logs |
ISE Audit Report |
| HIPAA |
Access control |
Role-based policies |
ISE Auth Report |
5.12.2 Audit Log Configuration
! Enable comprehensive logging on network devices
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
logging buffered 65536 informational
logging host 10.252.1.30 transport udp port 514
! AAA accounting
aaa accounting dot1x default start-stop group RADIUS-GROUP
aaa accounting exec default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
aaa accounting network default start-stop group RADIUS-GROUP
5.12.3 ISE Audit Reports
# Administration > System > Logging > Remote Logging Targets
Audit_Logging:
SIEM_Integration:
Target: siem.corp.local
Port: 6514
Protocol: TLS-Syslog
Format: RFC 5424
Events:
- Administrative Changes
- Policy Changes
- Authentication Events
- Authorization Changes
Scheduled_Audit_Reports:
# Operations > Reports > Report Scheduler
Weekly_Admin_Audit:
Report: Device Administration Audit
Schedule: Weekly (Monday 08:00)
Recipients: security-audit@corp.local
Monthly_Policy_Changes:
Report: Policy Change Audit
Schedule: Monthly (1st, 08:00)
Recipients: compliance@corp.local
Quarterly_Access_Review:
Report: Authentication Summary
Schedule: Quarterly
Recipients: audit@corp.local
5.12.4 Compliance Evidence Collection
# Quarterly Compliance Evidence Package
Evidence_Package:
Network_Segmentation:
- DNAC Virtual Network configuration export
- SGACL policy matrix export
- Firewall rule export
- Traffic flow samples showing enforcement
Access_Control:
- ISE authorization policy export
- User authentication success rates
- Failed authentication analysis
- Service account review
Audit_Trails:
- RADIUS accounting logs (sample)
- TACACS+ admin logs (sample)
- Configuration change logs
- Policy change audit trail
Encryption:
- MACsec configuration evidence
- TLS certificate inventory
- RADIUS encryption settings
Change_Management:
- Change tickets for period
- CAB meeting minutes
- Emergency change documentation